Derniers sujets
» ma liste de minis
par qc mech Sam 04 Juin 2016, 10:30 pm

» Job 1: The Milk Run (honest!)
par Noirfatale Lun 25 Avr 2016, 12:02 am

» Ninja All-Stars
par Rathy Jeu 10 Mar 2016, 5:54 am

» Torin "McTwist" O'Neil
par Rathy Jeu 31 Déc 2015, 11:22 pm

» Joyeux Noël
par Noirfatale Dim 27 Déc 2015, 1:54 am

» what if lord Vador was Donald Trump
par Metalmek Ven 11 Déc 2015, 9:45 pm

» Battlebabes!
par Rathy Dim 06 Déc 2015, 5:15 pm

» "It's Shai Hullicious!", Pain en forme de ver de "Dune"
par Metalmek Dim 06 Déc 2015, 5:30 am

» Un rêve de gamer...
par qc mech Ven 30 Oct 2015, 11:11 pm

» Lazy compagny
par qc mech Ven 30 Oct 2015, 12:58 pm

Juin 2018

Calendrier Calendrier

3 - comment hacker un biometric quand on est pas un hacker

Aller en bas

3 - comment hacker un biometric quand on est pas un hacker

Message  Noirfatale le Ven 18 Juil 2008, 4:10 pm

A staple of a certain type of movie or story is the retinal scan to gain access to a high security computer or a top secret research facility. A play on that name is certainly the subject of numerous gaming table puns. Some modern laptop computers are secured by fingerprint scanners, and over a decade ago voiceprint identification was used to secure medical research facilities. These are all examples of biometric scanners, that is devices which identify a person by physical traits that are unique to them.

At some point you may feel the urge to include biometric scanners in your game. In the real world biometric scanners pose a number of challenges for successful implementation and maintaining security. You can utilize those challenges to bring a sense of realism to your game as well as provide adventure seeds.


The fundamental problem with biometric scanners is that they are identifying you with information that is available to anybody who is in the same location as you, or even places where you have been recently. That means that with a sufficient amount of work anybody can pick up your information and use it.

Another problem with biometric identification is that living things are variables, not constants. My fingerprint can be damaged by accidents, voices can be affected by disease or climate, surgery or injury can make retinal scanners ineffective, a good fist fight can defeat facial recognition, and eating or handling sushi can confound dna scanners. More on this topic later.

If the resource being secured is not especially high value, the security measures are meant more as discouragement than an assurance of security and simply relying on biometric measures is sufficient. Higher value targets will (or should) be secured by additional layers of protection.

For example, at a large veterinary research facility where I worked (as a lowly painter) the facility was secured via voiceprint identification. That security wasn't especially difficult to bypass, which was good because it also wasn't that reliable. My voice recorded in the comfort of the security office was a poor match for my voice after a half mile walk to work on a bitter cold January morning.

Bypassing Biometric Scanners

This is where the fun begins for your players. No biometric scanner is immune to spoofing, providing the spoofers are willing to go to sufficient lengths.

Faking Fingerprints

Fingerprint scanners are the easiest to defeat. Except for eccentrics, most people leave fingerprints lying around all over the place. Follow your subject to a coffee shop, and when they leave snag their cup before it goes to the dish washer. Grab a water bottle, or lift prints off the doorknob to their apartment. Common celophane tape is enough to lift and retain a fingerprint. Packing tape is especially good because it is wide and durable, making it good for picking up even larger prints.

A little bit of creativity with cyanoacrylate glue will raise the fingerprint captured on the tape, making a duplicate of the fingerprint good enough to fool a scanner, or even deposit a new latent print at a crime scene if a thin oil layer is applied (see Steve Martini's Double Tap for a fictional instance of this very trick). A more sophisticated scanner will also check the temperature of the finger in question. Transfering the raised print to a latex glove and slipping that glove over your hand (or adhering a thin latex cast to the bare fingertip) will fool the temperature sensing scanner.

This technique is pretty high tech, but has the advantage that only a little bit of care is needed to keep anybody from realizing that this information has been gathered. At most they'll think you're a kook for collecting used water bottles.

If you are able to move quickly on the resource and only need to access it once, a more low tech approach is readily available at any hardware store. An axe, an ugly accident in a dark alley, and you've got access to the resource using the original finger. The temperature scan is easily defeated by keeping the finger warm in your hand until it's time to use it.

Voiceprint Identification

Modern audio recorders are cheap, highly concealable, and very accurate. Voice recording is a common feature of many portable music players, cell phones and even as cheap stand-alone devices. If the attackers can get within hearing distance of the target, getting a workable voice recording should be possible. Free audio editing software can be used to isolate necessary keywords into a file that can be replayed when the intruder is challenged by the security system. Only a mild bit of creativity is needed to keep the replaying device concealed from an observer.

Facial Recognition

Depending on the technology used this may or may not be a problem. It may be as simple as holding a picture of an authorized person up to the camera, so that the face appears the right size and perspective. Backgrounds, even moving backgrounds, are easy to falsify with currently available technology.

If movement is needed a latex mask, either sculpted from photos or taken from a shiny new corpse, should be sufficient for inspection by a camera.

A little creativity by somebody with physics knowledge would even allow capturing a hologram of the authorized person. The materials to make a single color hologram can be purchased for well under $100, being principally a $20 laser pointer, a light tight box (carboard and duct tape), a mirror and a film processing canister. Special holographic film can be purchased, either via mail order or possibly over the counter in larger photo or scientific supply shops, from every major film maker. For a crude but effective hologram black and white film with a very low ISO number will be sufficient.

The one caveat with holograms for defeating security cameras has to do with the dynamic range of the camera. Cameras have a tendency to be sensitive only to certain wavelengths of light. Because holograms are tied so closely to specific wavelengths of light there is a very serious possibility of a mismatch, so that the carefully captured hologram is useless for this purpose. The wise game master will make investigating this part of the group's challenge.

Retinal Scanners

Retinal scanning is subject to most of the same attacks that facial recognition is. The scan normally looks at the pattern of blood vessels on the back of the eye. Getting this information is a little more involved. Some particularly sneaky work with high tech cameras or a holographic setup could capture the information sereptitiously.

Holding the developed film in front of the camera may be sufficient. For a more sophisticated scanner that checks other information such as eye movement, iris dilation or body temperature, the retinal image can be transferred to a contact lens, and that lens worn when compromising the system. There are special effects houses which will produce custom non-corrective contact lenses for a fairly reasonable amount of money.

The low tech approach works here perfectly well too. The same dark alley, the same fresh corpse, this time with a carefully extracted eyeball. It adds a certain "ick" factor, but if the resource is sufficiently valuable people of the necessary moral flexibility can always be found.

Using Scanners In Game

When using scanners to secure a resource keep in mind the difficulties that I have described above. For every biometric security challenge, there is a corresponding compromise for those willing to go to sufficient lengths.

When I have seen them biometric scaners are meant to be used either without any human monitoring, or they are manned by an anonymous low-paid employee who doesn't know the people being identified. This means that the principal check for bypassing should generally be against the designers of the system. If there is a person watching the scanner then that person's alertness, however that is rated in your game, should be the opposing score to test against.
El Dictator

Messages : 1781
Date d'inscription : 15/04/2008
Age : 43

Voir le profil de l'utilisateur

Revenir en haut Aller en bas

Revenir en haut

- Sujets similaires

Permission de ce forum:
Vous ne pouvez pas répondre aux sujets dans ce forum